Apple Inc. CEO, Steve Jobs posted a letter on Apple's website
that left some happy and others scratching their heads. "Let me just say
it: We want native third party applications on the iPhone, and we plan to have
an SDK in developers’ hands in February," Jobs stated in the letter.

This announcement seems in stark contrast to previous Apple
policy, including its firmware update v1.1.1,
which turns iPhones and iPod Touches with unauthorized third party applications
into "iBricks" and in standard phones locks the file system from
users installing third party applications. This update has led to two pending class
action lawsuits.

Others may note that February seems like a long time away and wonder at why the
SDK will take so long to be released. Jobs said that the reason for the
delay is to make sure the iPhone and iPod Touch are protected against malware
and viruses. The devices are far more vulnerable to virus than most people
think according to Jobs.

"Since the iPhone is the most advanced phone ever, it
will be a highly visible target," Jobs continued. He went on to say that
the months of patience will be rewarded by He said that the months of patience
will be rewarded by "Many years of great third party applications running
on safe and reliable iPhones."

There are a broad array of third party programs for the
iPhone and iPod Touch that do everything from instant messaging to phone
unlocking.

Third party developers are greeting
the news with guarded optimism. One third party developer, based out
of Denver said "I'm thrilled. I hope it is exactly as they say, full
third-party development."

Apple Inc., originally Apple Computer, has had a long
history of trying to keep technology proprietary and avoid licensing its
designs or allowing third party development. Many see this as a major
reason why it originally fell from dominance in the personal computer market to
a small market share.

Apple made no indication, unfortunately for some, that it was going to make any
effort to "unbrick" iPhones and iPod Touches that had unauthorized
third party apps and had been made into paperweights by the v1.1.1 firmware
update. It did not announce any programs to unfreeze these phones or to
provide warranty service for them.

Apple's position appears to be that until developers adopt the official SDK,
which will arrive in February, using their applications violates the iPod Touch
and iPhone warranties, as they see it as a form of "modification."

Apple has also not stated whether future version of the firmware will retract
the change, or whether they will continue to brick iDevices with unauthorized
third party applications.

Apple is remaining firm on its stance about unlocking: Unlock your iPhone and
update, and you phone will be dead. If you don't like it, they say, buy a
new iPhone and don't unlock it.

Yes exactly, but that does include malicious software disguised as something benign like freeware bust-a-move games or tip calculators. This is probably what you'd have to be concerned about with the iPhone as well.

There are other potential points of entry for bad code on windows mobile, like java midlets. I'm not sure exactly how malicious you can be with a midlet though.

Some people are going to hate this but I'm very much in favour of it. Rumor (yeah, OK...) has it that both Apple and Nokia are looking to provide central repositories of "blessed" applications that users can install from. The benefit of this is that all applications will have been vetted as being OK, both from a functional and security perspective. The downside of this is that developers won't be able to release applications that Apple doesn't like, either because they are bad applications or perhaps do something that is contrary to Apple's business model (definitely into iffy territory there). It very much depends on how heavy-handed Apple would be as to how well this would work, plus how quickly they can vet applications submitted to them before making them available to Joe Public. It remains to be seen whether this will happen (no doubt the arrival of the SDK will answer that) but there is a lot to be said for only downloading applications from a trusted source.

I think that this is what is coming in Leopard and therefore probably already exists in the iPhone - digital signatures for applications. I guess the theory is that if you download an application that has been appropriately signed then you can feel safer about running it but if the application doesn't have such a signature (or a bad one) then it's a case of "buyer beware" and it's your own choice to take the risk or not.

I do wonder, however, what level of confidence can be assigned to a signed application. What will it take to get a signature and can they be spoofed? Again, I'm sure we'll be hearing much more about this towards the start of 2008.